Valid JPG and HTML in one file

This is an embedded landing page for an image. You can link to this URL and get the HTML document you are viewing right now (soon to include essential squirrel facts); or embed the exact same URL as an image on your own squirrel-themed page:

According to the internet, here's how the page works:

start page with JPEG header

insert HTML content inside JPEG header's comment field

hide the JPEG body and header data from the browser using CSS

when the browser gets the HTML, it parses out the HTML and renders the surrounding stuff as text, but that gets hidden by CSS
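The steps above put markup in the JPEG comment (COM) segment, so an upload handler can walk the header segments and flag comments that look like HTML. This is an added example, not code from the thread or from the squirrel page; the function names, the tag list in `HTML_HINT` and the two byte strings are constructed for illustration.

```python
import re
import struct

NO_LENGTH = {0x01, *range(0xD0, 0xD8)}   # TEM and RST0-7 carry no length field
COM = 0xFE                                # JPEG comment segment marker
HTML_HINT = re.compile(rb"<\s*(?:!doctype|html|head|body|script|style|iframe|svg|!--)", re.I)

def jpeg_segments(data):
    """Yield (marker, payload) for each header segment, stopping at SOS or EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                # fill byte before the real marker
            pos += 1
        elif marker in NO_LENGTH:
            pos += 2
        elif marker == 0xD9:              # EOI: end of image
            return
        else:
            if pos + 4 > len(data):
                raise ValueError("truncated segment header")
            (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
            if length < 2 or pos + 2 + length > len(data):
                raise ValueError("segment length runs past end of file")
            yield marker, data[pos + 4:pos + 2 + length]
            if marker == 0xDA:            # SOS: compressed image data follows
                return
            pos += 2 + length

def html_in_comments(data):
    """Return the COM segment payloads that contain HTML-looking markup."""
    return [p for m, p in jpeg_segments(data) if m == COM and HTML_HINT.search(p)]

def _segment(marker, payload):
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed samples: header segments only, no real image data.
_JFIF = _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
CLEAN = b"\xff\xd8" + _JFIF + _segment(COM, b"Created with ExampleCam") + b"\xff\xd9"
POLYGLOT = b"\xff\xd8" + _JFIF + _segment(COM, b"<html><body>squirrel facts<!--") + b"\xff\xd9"

if __name__ == "__main__":
    for name, blob in (("CLEAN", CLEAN), ("POLYGLOT", POLYGLOT)):
        print(name, html_in_comments(blob))
```

The check only covers the comment segment described in the steps; how the file is served still decides whether a browser treats it as an image or as a page.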

I call bullshit, tons of wild animal species will eat out of a person's hand if they've become accustomed to humans and view them as nonthreatening enough to risk getting close. Furthermore, if we expand our definition of "eat out of a person's hand" to not require that hand remain whole and attached to the arm during the process, virtually all wild animal species will fit that description.

In colder regions such as the UK, squirrels plan ahead in order to survive the challenging winter months. They store nuts and seeds at various locations and return to them throughout the winter to maintain their energy levels when food is scarce.

I doubt city squirrels do this any more. The resident squirrels where I live just eat from bins or bird seed holders. Some people actually leave out food for squirrels!

@Fox isn't the implication that a squirrel with no prior exposure to humans will eat out of your hand? Mostly, this only happens with island species that have no predators so aren't accustomed to being cautious. One famous example is the dodo.

@Luhmann fun dodo fact, nobody really knows what they looked like. The image most people think of comes from the illustrations in Alice in Wonderland, but this was well after they went extinct and no contemporary drawings exist.

Yes. Since the things I found buried tended to be peanuts or occasionally walnuts, neither of which can be found in the area without human intervention, it seems reasonable to conclude that the squirrels were burying a cache despite a likely supply of human-provided food throughout the winter.

isn't the implication that a squirrel with no prior exposure to humans will eat out of your hand?

Then I still call bullshit, because squirrels who haven't been accustomed to humans flip the fuck out if you even move. So unless you're a damned statue and you make yourself smell nice to squirrels, they won't come near you.

@Fox yes, but surely the browser shouldn't execute this type of code ... I am just surprised that a browser would let that happen.

Why not? When it's inside an <img> tag, it's naturally interpreted as an image. But when it's served as a regular page, the browser interprets it as HTML. If the headers don't say what to do with it, this is perfectly ordinary behavior. And ordinarily, web pages can run scripts, subject to all the usual security restrictions.

@ben_lubar figured out how to neuter it, though, by adding some headers in user-uploaded files, so now the browser won't allow scripts to run.

But when it's served as a regular page, the browser interprets it as HTML. If the headers don't say what to do with it, this is perfectly ordinary behavior. And ordinarily, web pages can run scripts, subject to all the usual security restrictions.

It depends how this acts cross-domain; if this is the behaviour with images from another domain ... sorry, but the browser should throw a fit.